1. Field of the Invention
The present invention relates to the fields of distributed computer systems, distributed operating systems, and object-oriented programming. More particularly, the present invention relates to cross address space dynamic linking of program code segments at program start, and dynamic linking of a program code segment to a process.
2. Background
Today, most modern computer systems with virtual memory systems and multiprocessing allow more than one address space to be active at one time. The central processing unit (CPU) or units switch between the active address spaces at high speed. An address space is a range of logical addresses representing a range of memory locations within which programs and data may be stored.
Address spaces form a layer of security protection for the computer system. A process executing in non-supervisor mode in one address space typically cannot access another process executing in another address space, except through special means provided by the operating system. This prevents a process in one address space whose security has been compromised from damaging the entire computer system. A process is an instance of a program in execution.
On the other hand, operations performed by a process in supervisor mode are by definition secure. Entering supervisor mode before a process is allowed to perform operations on an address space therefore ensures that system security is not compromised. Thus, traditional operating systems typically require a process to enter supervisor mode before it can dynamically load a program into an address space. Loading a program into an address space involves obtaining memory from the operating system and associating the binary code of a program with the memory obtained.
If the program consists of several unconnected segments of binary code, and the segments of binary code have not been statically linked together before the program is loaded into the address space, the segments of binary code will have to be dynamically linked together after they are loaded into the address space, before execution of the program can be started. Typically, if the program has been statically linked, then only one "segment" of binary code is loaded; otherwise, more than one segment of binary code is loaded. Traditionally, operating systems also require the process to perform the dynamic linking in supervisor mode or within the address space where the program code to be linked is located. Linking segments of binary code involves resolving references in one segment of binary code which require addresses in the other.
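The reference resolution described above, as an added illustration that is not part of the original text: a toy linker in C that patches each slot in one loaded segment with an address exported by another, and reports any reference it cannot resolve. The `seg` and `sym` structures, the function names and the sample addresses are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* Toy model (constructed for illustration): a loaded segment is its base
   address, its words, the names it defines and the slots it needs patched. */
struct sym { const char *name; uint32_t offset; };
struct seg {
    uint32_t base, words[8];
    struct sym exports[4]; int n_exports;  /* offset: bytes from base */
    struct sym relocs[4];  int n_relocs;   /* offset: index of word to patch */
};

/* Patch each relocation slot with the address of the symbol it names. Returns
   how many references stay unresolved (a slot outside words[] counts as one);
   a loader should refuse to start the program unless the result is 0. */
int link_segments(struct seg *s, int n)
{
    int unresolved = 0;
    for (int i = 0; i < n; i++)
        for (int r = 0; r < s[i].n_relocs; r++) {
            const struct sym *rel = &s[i].relocs[r];
            int found = 0;
            for (int k = 0; k < n && !found && rel->offset < 8; k++)
                for (int e = 0; e < s[k].n_exports && !found; e++)
                    if (strcmp(s[k].exports[e].name, rel->name) == 0) {
                        s[i].words[rel->offset] = s[k].base + s[k].exports[e].offset;
                        found = 1;
                    }
            unresolved += !found;
        }
    return unresolved;
}

/* Sample: word 2 of a segment at 0x1000 needs `wanted`; a second segment at
   0x2000 exports "helper" at +0x10. Returns the patched word, 0 on failure. */
uint32_t demo_patched_address(const char *wanted)
{
    struct seg s[2] = {
        { .base = 0x1000, .relocs = { { wanted, 2 } }, .n_relocs = 1 },
        { .base = 0x2000, .exports = { { "helper", 0x10 } }, .n_exports = 1 },
    };
    return link_segments(s, 2) == 0 ? s[0].words[2] : 0;
}

int main(void)
{
    return demo_patched_address("helper") == 0x2010 ? 0 : 1;  /* exit 0 on success */
}
```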
Additionally, a dynamically linked program typically requires an initialization function to be called before starting execution. The initialization sets up the initial conditions required by the linked program's programming language run time system, and is necessary for the linked program to function correctly.
Supervisor mode cross address space dynamic linking was originally part of the Multics operating system and TENEX. Because it was perceived to involve excessive overhead, supervisor mode cross address space dynamic linking was dropped from most operating systems, until it was reintroduced in UNIX™ System V (Unix™ is the registered trademark of Unix Laboratory). Today supervisor mode cross address space dynamic linking is offered in OSF/1. For further description of supervisor mode cross address space dynamic linking under these operating systems, see E. I. Organick, The Multics System: An Examination of Its Structure, MIT Press, 1972; D. L. Murphy, Storage organization and management in TENEX, Proceedings of the Fall Joint Computer Conference, AFIPS, 1972; J. Q. Arnold, Shared Libraries on Unix System V, Summer Conference Proceedings, USENIX Association, 1986; and L. W. Allen, H. G. Singh, K. G. Wallace, and M. B. Weaver, Program Loading in OSF/1, Proceedings of the USENIX Winter 1991 Conference, 1991.
Non-supervisor mode dynamic linking within an address space was made available on the operating system SunOS 4.1, offered by the assignee of the present invention, Sun Microsystems, Inc. of Mountain View, Calif. (Sun™ is a registered trademark of Sun Microsystems, Inc.). Under SunOS 4.1, a process can dynamically link shared libraries into itself when it starts up, without having to enter supervisor mode first. Because the non-supervisor mode dynamic linking is limited to linking shared libraries to the process itself, a process with compromised security can only affect the address space within which the process is executing. For further descriptions of dynamic linking under SunOS 4.1, see R. A. Gingell, M. Lee, X. T. Dang and M. S. Weeks, Shared Libraries in SunOS, Proceedings of USENIX Summer 1987 Conference, 1987. A similar procedure is used for dynamic linking on UNIX™ System V Release 4; see System V Application Binding Interface, Prentice Hall, 1991.
While limiting dynamic linking across address spaces to processes executing in supervisor mode or processes within the address space where the program code to be linked is located has the benefit of preventing a compromised process from compromising the entire system, it severely limits the extent to which dynamic linking can be used to securely modify execution behavior of a process. Thus, it is desirable to allow a process executing in non-supervisor mode to perform dynamic linking across address spaces without compromising system security.